VPN and windows NT4 password changes

we have receently set up a cisco 3030 concetrator using NT authentication. This works fine until your NT password expires and requests that you change the password. I get authentication failure and in the cisco event log it says "322 02/21/2001 11:50:19.290 SEV=3 AUTH/5 RPT=10 212.38.69.171 Authentication

Re: VPN and windows NT4 password changes

It may have something to do with the way NT authenticates LanManager (LM) clients, I'll try not to make this to long as you could write a book on this process alone.

Windows NT 4 >SP4 supports both LM and Windows NT Challenge\responce (NTLM), it can keep two versions of the same password in the SAM database. but if you change the password on a windows NT4 workstation the LM version is deleted under most conditions.

This may be a problem with a BSDI based device like the Cisco 3000's(I think it's BSDI based anyhow), as the 3000 most likely only uses the LM authentication (I think).

I suggest you install the latest RRAS onto the NT4 server and configure Radius on it and then reconfigure the 3000 to use radius as this should get around the LM auth problem (that is if it is the problem)

Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...
view more